
mingw32-libpng: information disclosure

Package(s): mingw32-libpng
CVE #(s): CVE-2009-2042
Created: June 16, 2009
Updated: August 17, 2010
Description: From the CVE entry: libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.
Alerts:
Gentoo 201412-08 insight, perl-tk, sourcenav, tk, partimage, bitdefender-console, mlmmj, acl, xinit, gzip, ncompress, liblzw, splashutils, m4, kdm, gtk+, kget, dvipng, beanstalkd, pmount, pam_krb5, gv, lftp, uzbl, slim, iputils, dvbstreamer 2014-12-11
Oracle ELSA-2012-0317 libpng 2012-02-21
CentOS CESA-2010:0534 libpng 2010-08-16
CentOS CESA-2010:0534 libpng 2010-07-21
CentOS CESA-2010:0534 libpng 2010-07-21
CentOS CESA-2010:0534 libpng 2010-07-14
Red Hat RHSA-2010:0534-01 libpng 2010-07-14
Debian DSA-2032-1 libpng 2010-04-11
Mandriva MDVSA-2010:063 libpng 2010-03-22
Ubuntu USN-913-1 libpng 2010-03-16
Gentoo 200906-01 libpng 2009-06-27
Slackware SSA:2009-170-01 libpng 2009-06-22
Fedora FEDORA-2009-6506 libpng 2009-06-18
Fedora FEDORA-2009-6531 libpng 2009-06-18
Fedora FEDORA-2009-6603 libpng 2009-06-18
Fedora FEDORA-2009-6400 mingw32-libpng 2009-06-15
Fedora FEDORA-2009-5977 mingw32-libpng 2009-06-15


mingw32-libpng: information disclosure

Posted Jun 18, 2009 9:33 UTC (Thu) by rwmj (subscriber, #5474)

Just to clarify, the vulnerability is in libpng, and it affects the base libpng package too, all versions before 1.2.37.

